Protecting Your Account

Today

Steps the university is taking and that you can take to prevent security breaches and fraud.

Traveler at the airport seeing a Duo prompt on their phone

Phishing and other scams continue to be a threat to members of the campus community--in fact, to the entire higher education community. This activity increases over the holidays, when you may be distracted. UITS is implementing some upgrades to the Duo system for NetID+ authentications to help reduce security compromises. You can help protect your account, too! 

Duo Updates 

UITS has implemented two powerful security features—Duo Risk-Based Authentication (RBA) and time-limited passcodes—to help protect your account while keeping things easy for you. 

Duo RBA will dynamically adjust your login process based on risk. You’ll nearly always follow your usual Duo process, and only be asked for additional verification when Duo detects something possibly suspicious—such as a login from a new device or unusual location. Read more about Duo Risk-Based Authentication (log in required). 

Time-limited passcodes add an extra layer of security by generating a unique passcode in your Duo Mobile app every 30 seconds. This prevents cyber criminals from harvesting a passcode and reusing it later. Read more at Duo – Password Expirations (TOTP) (log in required). 

These features work together to provide you with strong security and a smooth, seamless login experience. 

What You Can Do 

Scammers will try to push you into a sense of urgency so that you act before thinking. Types of messages commonly seen include:  

  • Emails from “IT” that your account may be deactivated 
  • Job opportunities with high salaries 
  • See compensation information, your own or your colleagues 
  • Messages that sound like they come from your boss or another leader 

Stop and look twice before doing anything, especially if you are asked for any kind of private information, or if you are asked to buy gift cards, deposit checks, or take any other kind of financial action.  

Other tips to keep in mind:  

  • Look for the [EXT] tag on emails to your university account. Those do not come from a university account, so beware if the message sounds like it is.  
  • If an email from an internal account seems strange, check with someone trusted before acting.  
  • Never share a password or passcode in a Google form.  
  • Never approve a Duo request when you are not logging in at that moment. 

The Duo Mobile app is the easiest, most convenient way to complete your NetID+ two-factor authentication. The 24/7 Support Center is happy to help you set up Duo Mobile.  

As our attention gets pulled away to other things over the holidays, protect yourself by remembering security basics!

24/7 Chat Now